InternetLab participates in public hearing on cryptography and WhatsApp blocks
On June 2nd and 5th, the Superior Federal Court (STF) held a public hearing on the ADPF 403, which discusses the compatibility of WhatsApp blocking orders with freedom of communication, and the ADIN 5527, that discusses the constitutionality of items III and IV of art. 12 of the Brazilian Internet Civil Rights Framework, which authorize the imposition of “temporary suspension” sanctions and the “prohibition of the exercise of activities” of connection providers and Internet applications.
Among the 182 requests for participating in the hearing, InternetLab was admitted as one of the entities to be heard, after a selection that took into account the popularity of the technical representation and the expertise in the matter. The representation was made by Dennys Antonialli.
In his oral contribution and in his written manifestation (in Portuguese) sent to the Court, InternetLab intended to (i) offer data that allowed the identification of the circumstances in which the suspension of Internet applications in Brazil has been determined, a measure commonly called “blocking”; and (ii) to clarify the reasons behind the noncompliances with court orders by WhatsApp Inc., which motivated the suspensions.
The presented data are results from an academic research work made by InternetLab’s team about the topics addressed by the public hearing. On the one hand, they are the product of a mapping and analysis of all the publicly available judicial decisions which deal with Internet application blocking measures in Brazil — the research material was gathered and organized in the bloqueios.info platform. On the other, they are part of an interdisciplinary study on ways to access data and communication of Internet users by an investigative authority — a work that is annually published in the form of the “Surveillance of Communications in Brazil” report (in Portuguese).
What did we learn from studying Internet application blockings and their different types?
In a research made for the bloqueios.info platform, we were able to identify two main kinds of judicial orders for blocking of Internet applications in Brazil:
(i) the ones related to the noncompliance with judicial orders, of sanctionary and constraint character to obtain its fulfillment, and
(ii) the ones related to the plea of incompatibility of the product or of the service itself with the Brazilian legal system, which has a prohibitory character.
To exemplify: the blocking orders grouped in the first kind targeted applications like Facebook, WhatsApp, and Youtube. The ones in the second targeted Tubby, Secret, Uber, Tudo Sobre Todos, Filmes Online Grátis, among others.
The existence of this second group of cases shows that there are circumstances in which the blocking of applications can be legitimately determined. When there is a proven incompatibility between a determined product or service and the Brazilian legal system, the blocking to its access or functioning can be an adequate measure to inhibit the violation of rights. This would be the case of an application exclusively destined to the dissemination of contents linked to child pornography, for example.
On the other hand, the determination of blocking Internet applications on the cases in which there is a noncompliance with judicial orders is alarming, since their enforcement has serious repercussions for human rights, the economy, and for the Internet infrastructure. In these cases, InternetLab understands that the blocking orders are unconstitutional, as they represent an unjustified restriction to freedom of communication: there is no illegality of the service, nor efficient and less damaging alternative measures to demand the compliance with the decision and, as a result, there is a lack of legitimacy of the blocking measure.
The particularities of the WhatsApp case: jurisdiction conflicts and cryptography
The block of the WhatsApp application is precisely a case which has its origins in the resistance of the company to comply with orders from the Brazilian justice. At the center of the noncompliance, we find two main arguments:
(i) one of juridical nature: the company indicates that there are limits to the Brazilian jurisdiction over a company headquartered abroad, and
(ii) one of technical nature: that it would be impossible to gain access to the content of messages exchanged on the app due to the obstacles imposed by end-to-end encryption.
On the first topic, InternetLab draws the attention to the fact that there are mutual legal assistance treaties (MLATs), but that, aside from being slow and bureaucratic, these treaties were thought for physical objects and made to deal with exceptional cases. Digital data and their growing use as means of evidence challenge this regime. Despite this, they are the existing procedural method for the obtention of proof when there is a conflict between laws, such as between art. 11 of the Brazilian Internet Civil Rights Framework and the US legislation. On the contribution, we present a relevant clash between both juridical systems: the US legislation prohibits companies located in that country from sharing the content of communications with foreign investigation authorities.
Concerning end-to-end encryption, InternetLab argues that such technology is essential for the protection of the message confidentiality against malicious third parties and that, in the Brazilian legislation, there is not any prohibition on the use of this type of technology or any obligation of creating mechanisms of access to the content of the transmitted communications. The contribution emphasized the possibility of using other data generated by the app for investigation authorities and of the risks involved in measures for the “interception” of the content of previously encrypted messages:
“Any judicial determination that leads to the adoption of this kind of practice should take into account that it can be potentially harmful to rights, whether of the Internet provider, who is not explicitally prohibited by the Brazilian legislation from offering this type of serice, whether of Brazilian citizens who, differently from the citizens from other countries, would have their integrity and the security of their communications compromised” (Written contribution made by InternetLab for the public hearing on the ADPF 403 and ADI 5527)
InternetLab’s written manifestation can be read in full here [in Portuguese]
Translation: Ana Luiza Araujo